I am using ubuntu 10.10. with iptables! I want to log my firewall drops in the file /var/log/firewall and NOT in any other logfile.
So I added the following line to my file: /etc/rsyslog.d/50-default.conf:
#iptables Log
kern.warning /var/log/firewall.log
This way my drops and logs from iptables are logging into the right file!
Now i dont know what to add to not log the drops in the other files.. At this time it write every drop in /var/log/messages /var/log/kern.log and /var/log/syslog
Heeeelp :)
I found this one : Add a local application to syslog excluded from /var/log/messages but it doesnt work.. Maybe because its Rsyslogd in Ubuntu 10.10?
Thanks!
Use a discard action after the iptables log, but before the other logs.